Skip to main content
CVE-2016-4054 HIGH Act Now

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 79.9% and no vendor patch available.

RCE Buffer Overflow Ubuntu Linux Squid Linux
NVD
CVSS 3.0
8.1
EPSS
79.9%
Threat
4.0
CVE-2016-4052 HIGH PATCH Act Now

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.6%.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Squid
NVD
CVSS 3.0
8.1
EPSS
23.6%
CVE-2016-2346 HIGH POC This Week

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Pl Sql Developer
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-4051 HIGH PATCH This Week

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Linux +1
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2016-2332 HIGH This Week

flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Syslink Sl 1000 Modular Gateway Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2113 HIGH PATCH This Week

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
7.4
EPSS
4.2%
CVE-2016-1202 HIGH PATCH This Week

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Node.js Electron
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8852 HIGH This Week

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Varnish Cache Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-2333 HIGH This Week

SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syslink Sl 1000 Modular Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy